[syslinux] Requesting the removal of md5pass
Dag Wieers
dag at wieers.com
Fri Jun 24 09:32:49 PDT 2011
On Fri, 24 Jun 2011, H. Peter Anvin wrote:
> On 06/24/2011 08:41 AM, Dag Wieers wrote:
>>
>> The md5pass tool does not offer anything that is not possible using
>> openssl, eg:
>>
>> openssl passwd -1 <password>
>> or
>> openssl passwd -1 -salt <string> <password>
>>
>> So the tool could easily be replaced by a shell-script, or removed
>> entirely.
>
> Makes sense, although now it depends on openssl ;)
But at least that ships with RHEL/CentOS and most other distributions ;-)
>> Can't we just replace this with a simple shell-script using openssl or get
>> rid of it ? Or does it serve a greater purpose ? :)
>
> Not really. Shell script would be fine.
>
> Another alternative -- which almost certainly would be the best -- would
> be to write host-side C wrappers around the crypto algorithms we already
> have. That way we can get rid of any external dependencies.
Right. Although I would not mind to update the documentation and simply
indicate how to use openssl to generate the passwords instead.
>> PS2 For sha1pass there doesn't seem to be an equivalent in openssl, but it
>> seems very useful to have that added to openssl as well (-4 ?).
>
> The particular SHA-1 password implementation in Syslinux is
> Syslinux-specific and probably pretty poor.
Either there's a use for it (which may have a broader audience through
openssl) or there isn't and we could get rid of $4$... passwords ?
Whatever we decide, do you think this is 4.05 or 4.10 material ?
--
-- dag wieers, dag at wieers.com, http://dag.wieers.com/
-- dagit linux solutions, info at dagit.net, http://dagit.net/
[Any errors in spelling, tact or fact are transmission errors]
More information about the Syslinux
mailing list